From 7e28c0294831068d690dd769c20c31e50c1580fd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 14 Nov 2019 14:21:53 +0100
Subject: [PATCH] Minor improvements
---
extra/vulnserver/vulnserver.py | 7 ++++---
lib/controller/controller.py | 6 ++++--
lib/core/common.py | 2 +-
lib/core/settings.py | 2 +-
lib/core/testing.py | 1 +
lib/utils/crawler.py | 8 ++++++++
6 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py
index e889cfaf6..aa43a4cce 100644
--- a/extra/vulnserver/vulnserver.py
+++ b/extra/vulnserver/vulnserver.py
@@ -124,13 +124,14 @@ class ReqHandler(BaseHTTPRequestHandler):
self.url, self.params = path, params
if self.url == '/':
+ self.send_response(OK)
+
if "id" not in params:
- self.send_response(FOUND)
+ self.send_header("Content-type", "text/html")
self.send_header("Connection", "close")
- self.send_header("Location", "/?id=1")
self.end_headers()
+ self.wfile.write(b"GET:
link
POST:
")
else:
- self.send_response(OK)
self.send_header("Content-type", "text/html")
self.send_header("Connection", "close")
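Review bot: Both branches under `if self.url == '/':` now emit the same two headers (the added `self.send_header("Content-type", "text/html")` plus `Connection: close`, and the same pair again in the `else` branch), so they could be hoisted next to the `self.send_response(OK)` the commit already moved up, leaving only `end_headers()` and the body write branch-specific. The inline `self.wfile.write(b"GET: … POST: …")` index page (its markup does not survive on this page) would also read better as a module-level constant such as `INDEX_PAGE`, which would make the crawl/forms test fixture easier to keep in sync with the test expectations. The rest of the handler, and seemingly the tail of this hunk, lie outside what is visible here.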
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 5029fc2fd..3f122f5f9 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -36,6 +36,7 @@ from lib.core.common import isListLike
from lib.core.common import parseTargetUrl
from lib.core.common import popValue
from lib.core.common import pushValue
+from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import removePostHintPrefix
@@ -203,10 +204,11 @@ def _randomFillBlankFields(value):
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
item = match.group("result")
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
+ newValue = randomStr() if not re.search(r"^id|id$", item, re.I) else randomInt()
if item[-1] == DEFAULT_GET_POST_DELIMITER:
- retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER))
+ retVal = retVal.replace(item, "%s%s%s" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER))
else:
- retVal = retVal.replace(item, "%s%s" % (item, randomStr()))
+ retVal = retVal.replace(item, "%s%s" % (item, newValue))
return retVal
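Review bot: The `id$` alternative in the added `newValue = randomStr() if not re.search(r"^id|id$", item, re.I) else randomInt()` is tested against `item`, which appears to still carry its trailing `=` (the value is appended straight after it on the `else` branch) or the delimiter checked on the following line, so a field such as `userid=` can never match the suffix branch and receives a random string instead of an integer. Match against the bare field name instead: `name = (item[:-1] if item[-1] == DEFAULT_GET_POST_DELIMITER else item).rstrip('=')` followed by `newValue = randomInt() if re.search(r"^id|id$", name, re.I) else randomStr()`. Note also that the unanchored-word `^id` matches names like `ideas=`; if that is not intended a `\b` after `id` would narrow it. The body of `_randomFillBlankFields` starts before this hunk.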
diff --git a/lib/core/common.py b/lib/core/common.py
index f2aba7e36..2c4766a59 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4909,7 +4909,7 @@ def prioritySortColumns(columns):
"""
def _(column):
- return column and "id" in column.lower()
+ return column and re.search(r"^id|id$", column, re.I) is not None
return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
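Review bot: The comparator handed to `functools.cmp_to_key` on the line after the edit calls `_` up to four times per comparison and re-runs `re.search` each time; since the only ordering it expresses is "id-like columns first", a boolean key on the stable sort yields the same result more readably: `return sorted(sorted(columns, key=len), key=lambda column: not _(column))`. Here the new `^id|id$` pattern is applied to the bare column name, so both anchors can match, which is not the case where the same pattern is used on raw `name=` form items in the controller.py hunk. `prioritySortColumns` begins before this hunk; only the end of its docstring is visible.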
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 28a2fb830..2f10ace46 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr
# sqlmap version (...)
-VERSION = "1.3.11.49"
+VERSION = "1.3.11.50"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/testing.py b/lib/core/testing.py
index 14da34527..58a03ed75 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -64,6 +64,7 @@ def vulnTest():
TESTS = (
("--flush-session", ("CloudFlare",)),
+ ("--flush-session --forms --crawl=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3")),
("--flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
("--flush-session --data='' --mobile --banner --smart", ("might be injectable", "Payload: